9 matches found
CVE-2026-27695
zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing...
Allocation of Resources Without Limits or Throttling
Overview zae-limiter is a Rate limiting library backed by DynamoDB with token bucket algorithm Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the acquire function. An attacker can cause elevated latency and rejected requests for...
CVE-2026-27695
zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing...
CVE-2026-27695 zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service
zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing...
CVE-2026-27695 zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service
zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing...
CVE-2026-27695 zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service
zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing...
CVE-2026-27695
The CVE concerns the zae-limiter rate limiter library. Prior to version 0.10.1 , all rate limit buckets for a single entity shared the DynamoDB partition key (namespace/ENTITY#{id}), which can cause throttling under high throughput and potentially affect co-located entities. The issue is fixed in...
PT-2026-21917
Name of the Vulnerable Software and Affected Versions zae-limiter versions prior to 0.10.1 Description zae-limiter, a rate limiting library utilizing the token bucket algorithm, is susceptible to throttling issues due to all rate limit buckets for a single entity sharing the same DynamoDB partiti...
zae-limiter 安全漏洞
Zae-limiter is a rate-limiting library open source by ZeroAE. Versions of Zae-limiter prior to 0.10.1 contained security vulnerabilities. These vulnerabilities stemmed from the fact that all rate-limiting buckets for a single entity shared the same DynamoDB partition key. This could lead to...